Malware Hunter: New Service From Search Engine Shodan Finds Malware Servers
Shodan, a search engine for internet-connected devices, has partnered with cybersecurity firm Recorded Future to develop a new tool that finds malware command-and-control servers and blocks their attacks.
The new online crawler, known as Malware Hunter, is capable of crawling the web and finding the servers malicious programs are communicating with, and blocking traffic with those servers to mitigate the threat.
Malware Hunter performs a continuous scan across the internet to find command-and-control servers for more than 10 commercially available malware attacks and remote access Trojans (RATs), including Gh0st RAT, DarkComet, njRAT, XtremeRAT and ZeroAccess.
These tools are regularly traded in the darker corners of the internet and used to attack individuals and businesses. They are capable of effectively hijacking the functionality of any infected device. Gh0st RAT, a malware program that originated in China and has been used in attacks since 2009, was the most popular program of the lot.
Shodan’s new tool has already identified more than 5,700 RAT servers, including more than 4,000 located in the United States. The service continuously updates its list of the malicious servers it spots in real time.
In order to identify these attacks, Malware Hunter uses a method developed by security firm Recorded Future. It sends out a crawler that connects to public-facing IP addresses and sends them traffic that mimics what would come from a malware attack. The response from the server indicates if it is a malware command-and-control server.
The approach does run the risk of triggering false positives, but the creators of Malware Hunter assure the service "doesn't perform any attacks and the requests it sends don't contain any malicious content," so even incorrectly flagged servers don’t have to worry about being targeted.
Malware Hunter presents a possible new layer of security for security companies, which can tap into the real-time list of malware centers and cut off traffic to and from the malicious servers, preventing them from manipulating infected devices or stealing information.
Malware Hunter is just the latest tool to make use of Shodan, an increasingly powerful search engine that can find any number of internet-connected devices that are active online.
Shodan exposes a considerable amount of information; it’s been used to identify not only the typical Internet of Things devices like cameras and home lighting systems but traffic light controls, Caterpillar trucks, fetal heart monitors and security systems for banks, among other things.
Debate has swirled over Shodan and its purpose. It allows those with malicious intentions to target exposed users, but it also highlights just how vulnerable many internet-connected devices are. The introduction of Malware Hunter may help clean up the image of Shodan, as it appears to be a public service by the company to track down the origins of malware attacks.
© Copyright IBTimes 2024. All rights reserved.